authorMatthew Harmsen <mharmsen@redhat.com>2012-05-18 10:52:06 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-05-18 11:06:37 -0700
commit924403a14e92112c3c3d696319759b65eb57a30c (patch)
treeae097f21c022bd21b4c8b655a0030a8bef3953a3 /base/deploy/src/scriptlets/security_databases.py
parent488480629da8cd7c7263fab9773ef5860ad12947 (diff)
PKI Deployment Scriptlets
* Introduced concept of "admin-domain" originally as a separate folder, and later incorporated this concept into an optional instance prefix * Revised definition of <pki_instance_id> to be identified as "[<pki_admin_domain_name>-]<pki_instance_name>" * Changed NSS security database model from one database shared by BOTH a single Tomcat AND a single Apache instance into one per Tomcat instance (shared by CA/KRA/OCSP/TKS) and one per Apache instance (shared by RA/TPS) * Altered Configuration 'scriptlet' to invoke Jython for access to new Java configuration servlet * Renamed various "scriptlets" to comply with this new layout * Re-aligned code to account for revised layout documented at http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment
Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
-rw-r--r--base/deploy/src/scriptlets/security_databases.py50
1 files changed, 41 insertions, 9 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index f32b7e497..1a08fdccb 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -27,7 +27,7 @@ import pkimessages as log
import pkiscriptlet
-# PKI Deployment Security Database Classes
+# PKI Deployment Security Databases Scriptlet
class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
@@ -36,11 +36,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
util.password.create_password_conf(
- master['pki_shared_password_conf'])
+ master['pki_shared_password_conf'],
+ master['pki_pin'])
util.file.modify(master['pki_shared_password_conf'])
util.certutil.create_security_databases(
master['pki_database_path'],
- master['pki_shared_password_conf'])
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
+ password_file=master['pki_shared_password_conf'])
util.file.modify(master['pki_cert_database'], perms=\
config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
util.file.modify(master['pki_key_database'], perms=\
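Review bot: The password file that now receives `master['pki_pin']` is passed to `util.file.modify(master['pki_shared_password_conf'])` without an explicit `perms=`, while the certificate and key databases just below get `config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS`. The mode that `create_password_conf` creates the file with, and the default that `util.file.modify` applies, are not visible in this hunk, so the file holding the PIN may end up more readable than the databases it unlocks. I would pass the mode explicitly, `util.file.modify(master['pki_shared_password_conf'], perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)`, and confirm that `create_password_conf` creates the file with a restrictive mode rather than relying on the later modify call. The enclosing method starts and ends outside the hunk.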
@@ -49,6 +53,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
rv = util.certutil.verify_certificate_exists(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
password_file=master['pki_shared_password_conf'])
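Review bot: The three database paths are inserted positionally ahead of `master['pki_self_signed_token']` in the `verify_certificate_exists` call, so a caller that was not updated would pass the token and nickname in the database slots with nothing at the call site to flag it. Passing the new arguments by keyword, as the call already does for `password_file=`, would make the mapping explicit and keep a future reordering from silently pointing certutil at the wrong files. The parameter names are not visible on this page and would have to be taken from util.certutil. The same applies to the `generate_self_signed_certificate` calls in the hunks at `@@ -58,6` and `@@ -85,6` and to the dry-run copy in the hunk at `@@ -70,12`.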
@@ -58,6 +65,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_self_signed_noise_bytes'])
util.certutil.generate_self_signed_certificate(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
master['pki_self_signed_subject'],
@@ -70,12 +80,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.file.delete(master['pki_self_signed_noise_file'])
else:
util.password.create_password_conf(
- master['pki_shared_password_conf'])
+ master['pki_shared_password_conf'],
+ master['pki_pin'])
util.certutil.create_security_databases(
master['pki_database_path'],
- master['pki_shared_password_conf'])
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
+ password_file=master['pki_shared_password_conf'])
rv = util.certutil.verify_certificate_exists(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
password_file=master['pki_shared_password_conf'])
@@ -85,6 +102,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_self_signed_noise_bytes'])
util.certutil.generate_self_signed_certificate(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
master['pki_self_signed_subject'],
@@ -112,16 +132,28 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
- if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
- util.instance.pki_subsystem_instances() == 0:
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instances() == 0:
+ util.file.delete(master['pki_cert_database'])
+ util.file.delete(master['pki_key_database'])
+ util.file.delete(master['pki_secmod_database'])
+ util.file.delete(master['pki_shared_password_conf'])
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instances() == 0:
util.file.delete(master['pki_cert_database'])
util.file.delete(master['pki_key_database'])
util.file.delete(master['pki_secmod_database'])
util.file.delete(master['pki_shared_password_conf'])
else:
# ALWAYS display correct information (even during dry_run)
- if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
- util.instance.pki_subsystem_instances() == 1:
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instances() == 1:
+ util.file.delete(master['pki_cert_database'])
+ util.file.delete(master['pki_key_database'])
+ util.file.delete(master['pki_secmod_database'])
+ util.file.delete(master['pki_shared_password_conf'])
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instances() == 1:
util.file.delete(master['pki_cert_database'])
util.file.delete(master['pki_key_database'])
util.file.delete(master['pki_secmod_database'])
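Review bot: The Apache and Tomcat branches added here run the same four `util.file.delete(...)` calls, and the dry-run `else` repeats both branches again, so the teardown of the key database and the PIN file now exists in four copies. Any later change to how this material is removed (ordering, logging, a stricter delete) has to be made in every copy, and a missed one leaves key material behind for one server type only. I would fold each pair into a single condition, for example `if (master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and util.instance.apache_instances() == 0) or (master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and util.instance.tomcat_instances() == 0):`, and keep one delete block under it. A short comment explaining why the real run tests `== 0` and the dry run tests `== 1` would also help; the reason is not stated in the visible lines. The enclosing method starts and ends outside the hunk.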